Thursday, April 13, 2017

Research, Phone Scams, and Ethics

Via a reader, Najmeh Miramirkhani, Oleksii Starov, and Nick Nikiforakis, of Stony Brook University recently conducted a study on phone scams - by posing as victims of the scams themselves:
Over the course of 60 calls, they found that the con artists all followed a narrow script. By backtracking the con artists' connections to their PCs, the researchers were able to determine that the majority of the scammers (85%) are in India, with the remainder in the USA (10%) and Costa Rica (5%).

The researchers found 22,000 instances of the scam, but they all shared about 1,600 phone numbers routed primarily through four VoIP services: Twilio, WilTel, RingRevenue, and Bandwidth. They also used multiple simultaneous dial-ins and counted the busy signals as a proxy for discovering which numbers led to the most organized gangs.
The full-text of the study is available here.

This is a really interesting study to me, not just because of its findings, but because of its methods. This is not the first instance of researchers studying people who are engaged in criminal behavior. But this is (as far as I know) the first time researchers have studied people actively engaged in criminal behavior while a) not telling the participants they are being studied and b) acting like victims of the would-be crime.

According to their section on IRB approval, they obtained waivers of consent and debriefing and were allowed to use deception (a cover story - in this case, that they really were computer users calling the tech support number). Basically, the scammers had no idea they were being studied during any of the interaction. You can conduct some observation research without informing participants, but that's for behaviors considered public.

If you're observing more private interactions, you need the permission of the person(s) being observed. Obviously, they were able to convince their IRB to let them do this, and I'm sure, in return, they had to offer participants the same rights any research participant would receive - particularly confidentiality. Turning the scammers in after the study is over - while probably the right (moral) thing to do to prevent future crimes and protect potential victims - would violate confidentiality (research ethics). Just another demonstration of the difference between ethics and morals.

What do you think readers?

No comments:

Post a Comment